Source for file User.php
6: * @copyright Copyright (c) 2004, 2010 David Grudl
7: * @license http://nettephp.com/license Nette license
8: * @link http://nettephp.com
16: * Authentication and authorization.
18: * @copyright Copyright (c) 2004, 2010 David Grudl
21: * @property-read IIdentity $identity
22: * @property IAuthenticator $authenticationHandler
23: * @property IAuthorizator $authorizationHandler
24: * @property-read int $signOutReason
25: * @property-read array $roles
26: * @property-read bool $authenticated
30: /**#@+ sign-out reason {@link User::getSignOutReason()} */
36: /** @var string default role for unauthenticated user */
39: /** @var string default role for authenticated user without own identity */
42: /** @var array of function(User $sender); Occurs when the user is successfully authenticated */
45: /** @var array of function(User $sender); Occurs when the user is logged off */
48: /** @var IAuthenticator */
49: private $authenticationHandler;
51: /** @var IAuthorizator */
52: private $authorizationHandler;
55: private $namespace =
'';
57: /** @var SessionNamespace */
62: /********************* Authentication ****************d*g**/
67: * Conducts the authentication process.
72: * @throws AuthenticationException if authentication was not successful
77: if ($handler ===
NULL) {
83: $credentials =
array(
91: $this->onAuthenticated($this);
97: * Logs off the user from the current session.
98: * @param bool clear the identity from persistent storage?
101: final public function signOut($clearIdentity =
FALSE)
105: $this->onSignedOut($this);
108: if ($clearIdentity) {
116: * Is this user authenticated?
122: return $session &&
$session->authenticated;
128: * Returns current user identity, if any.
134: return $session ?
$session->identity :
NULL;
140: * Sets authentication handler.
141: * @param IAuthenticator
142: * @return User provides a fluent interface
146: $this->authenticationHandler =
$handler;
153: * Returns authentication handler.
154: * @return IAuthenticator
158: if ($this->authenticationHandler ===
NULL) {
161: return $this->authenticationHandler;
167: * Changes namespace; allows more users to share a session.
169: * @return User provides a fluent interface
173: if ($this->namespace !==
$namespace) {
174: $this->namespace = (string)
$namespace;
175: $this->session =
NULL;
183: * Returns current namespace.
188: return $this->namespace;
194: * Enables sign out after inactivity.
195: * @param string|int|DateTime number of seconds or timestamp
196: * @param bool sign out when the browser is closed?
197: * @param bool clear the identity from persistent storage?
198: * @return User provides a fluent interface
200: public function setExpiration($time, $whenBrowserIsClosed =
TRUE, $clearIdentity =
FALSE)
205: $session->expireTime =
$time;
206: $session->expireDelta =
$time -
time();
209: unset($session->expireTime, $session->expireDelta);
212: $session->expireIdentity = (bool)
$clearIdentity;
213: $session->expireBrowser = (bool)
$whenBrowserIsClosed;
214: $session->browserCheck =
TRUE;
215: $session->setExpiration(0, 'browserCheck');
222: * Why was user signed out?
228: return $session ?
$session->reason :
NULL;
234: * Returns and initializes $this->session.
235: * @return SessionNamespace
239: if ($this->session !==
NULL) {
240: return $this->session;
244: if (!$need &&
!$sessionHandler->exists()) {
248: $this->session =
$session =
$sessionHandler->getNamespace('Nette.Web.User/' .
$this->namespace);
254: if ($session->authenticated &&
$session->expireBrowser &&
!$session->browserCheck) { // check if browser was closed?
255: $session->reason =
self::BROWSER_CLOSED;
256: $session->authenticated =
FALSE;
257: $this->onSignedOut($this);
258: if ($session->expireIdentity) {
259: unset($session->identity);
263: if ($session->authenticated &&
$session->expireDelta >
0) { // check time expiration
264: if ($session->expireTime <
time()) {
265: $session->reason =
self::INACTIVITY;
266: $session->authenticated =
FALSE;
267: $this->onSignedOut($this);
268: if ($session->expireIdentity) {
269: unset($session->identity);
272: $session->expireTime =
time() +
$session->expireDelta; // sliding expiration
275: if (!$session->authenticated) {
276: unset($session->expireTime, $session->expireDelta, $session->expireIdentity,
277: $session->expireBrowser, $session->browserCheck, $session->authTime);
280: return $this->session;
286: * Sets the authenticated status of this user.
287: * @param bool flag indicating the authenticated status of user
288: * @return User provides a fluent interface
293: $session->authenticated = (bool)
$state;
295: // Session Fixation defence
299: $session->reason =
NULL;
300: $session->authTime =
time(); // informative value
303: $session->reason =
self::MANUAL;
304: $session->authTime =
NULL;
312: * Sets the user identity.
314: * @return User provides a fluent interface
324: /********************* Authorization ****************d*g**/
329: * Returns a list of effective roles that a user has been granted.
345: * Is a user in the specified effective role?
357: * Has a user effective access to the Resource?
358: * If $resource is NULL, then the query applies to all resources.
359: * @param string resource
360: * @param string privilege
363: public function isAllowed($resource =
NULL, $privilege =
NULL)
371: if ($handler->isAllowed($role, $resource, $privilege)) return TRUE;
380: * Sets authorization handler.
381: * @param IAuthorizator
382: * @return User provides a fluent interface
386: $this->authorizationHandler =
$handler;
393: * Returns current authorization handler.
394: * @return IAuthorizator
398: if ($this->authorizationHandler ===
NULL) {
401: return $this->authorizationHandler;
406: /********************* backend ****************d*g**/
411: * Returns session handler.